The IFA’s Director of Professional Standards, Tim Pinkney, has cautioned against dismissing AML obligations as yet another regulatory burden eating into billable hours. As HMRC and professional bodies intensify reviews, non-compliant firms run the risk of fines and leaving their business and clients vulnerable.
Pinkney will delve into client risk assessment for small practices at the IFA’s upcoming AML Conference Online on 20 May. It features sessions on risk management, suspicious activity reporting and upcoming Companies House changes covering new identity verification requirements as part of an overhaul of its company registration system.
‘But I’ve known my clients for years…’
Some practice owners operate on the premise that client familiarity removes the need for risk assessment. Pinkney says this mindset is common among sole practitioners and small firms with longstanding client relationships, but it exposes them to money laundering risks.
“We still regularly see firms who claim they have no money laundering risks because they know all their clients personally,” says Pinkney, who chairs a cross-professional body subgroup on AML alerts. “That’s precisely when alarm bells should start ringing.”
Mandatory risk assessments are embedded in the UK’s compliance regime, with “no such thing as zero risk”. “Claiming no risk at all shows a fundamental misunderstanding of what money laundering actually involves,” Pinkney says.
Due diligence
Pinkney warns against relying on personal relationships rather than formal risk procedures. Collecting ID documents such as passports and utility bills should be the start of the process, not the entire customer due diligence (CDD) system.
“Proper CDD means understanding business models, the services being provided and, most importantly – the specific risks associated with each client relationship,” he says.
Routine tasks that seem benign such as payroll administration can conceal unexpected risks.
“How do you verify those people on the payroll actually exist?,” Pinkney says. “How do you know they’re not ghost employees or part of some exploitation scheme? Even with small payrolls where risks are minimal, you need to document what checks you’ve done and why you believe the risk is low.”
Long-term clients could be riskier
Decades-long relationships with clients can create dangerous blind spots. Pinkney says complacency with legacy clients is “one of the biggest vulnerabilities we see”. “You stop asking questions because you think you know everything about them already.”
What many small practitioners fail to recognise is that these established, trusted relationships are precisely what sophisticated money launderers look to exploit. Your comfortable 20-year client relationship might be exactly what makes you an attractive target.
“People’s circumstances change,” Pinkney says. “Businesses evolve. New pressures emerge. And sometimes, sadly, previously honest clients can be drawn into dishonest activities.”
“Claiming no risk at all shows a fundamental misunderstanding of what money laundering actually involves.”
Tim Pinkney, Director of Professional Standards, IFA
Risk assessment tools simplify compliance
The IFA has developed practical tools to simplify compliance for small practitioners under time pressure. These include straightforward Excel templates for CDD that covers onboarding information, generates an initial risk score and encourages annual reviews to track client risk profiles. These templates, which are available in the IFA website members’ area, are a helpful tool if properly implemented and customised to specific client databases.
On the issue of AML risk reviews, Pinkney says compliance obligations apply to everyone regardless of whether they have been reviewed.
“If you’ve not completed client risk assessments but are still working with clients, you’re technically breaking the law,” he says. “The review helps identify any short comings and helps firms rectify them – the compliance obligation exists regardless.”
AML alerts
Pinkney encourages practices to pay attention to the IFA’s AML alert emails about emerging money laundering threats, such as family offices or property transactions. “The real value for small practitioners is having this information stored so when you encounter something suspicious, you already know the warning signs,” he says.
Reframing AML compliance as both practice protection and a service enhancement rather than a burdensome task would motivate firms to maintain regular risk assessments.
“Proper AML procedures actually strengthen your client relationships by demonstrating professionalism and commitment to financial integrity,” he says. “It’s a differentiator in a crowded marketplace.”
Neglecting these obligations could lead to potential penalties including fines, practice restrictions and even criminal prosecution.
“This isn’t just bureaucratic box-ticking,” Pinkney says. “This is about protecting both your practice and your clients from being unwittingly drawn into criminal schemes.”
“Attend our upcoming online AML conference, set aside time to properly implement the templates we provide, and make compliance part of your regular workflow rather than a panicked scramble when review time comes.”
The IFA’s AML online conference will feature sessions on risk management, suspicious activity reporting and upcoming Companies House changes. Registration is open now through the IFA website, with recordings available afterwards for those unable to attend live. More information here.
